Attention visitors
to Rob's World!: Like me, you may be the victim of a Spammer.
During the month of November 2002 (the first time it happened to me), someone began forging my domain
name (RobsWorld.org). The spammer forged the From: and Reply-To:
fields of his/her spam messages. The spam in question advertised
adult web sites, and had a subject line which began with the phrase: "Need
a date?" or "Married but lonely?".
I have also been the victim of numerous additional identity forgery incidents since the November 2002 episode (most recently in May of 2008). See below for From:/Reply-To: forgery in general. The same holds true for all of these incidents: I didn't do it! I'm not a spammer.
Attention system
administrators/spammer victims: I assure you, and the administrators
of your ISP/domain, that I did not send you any spam email. It
is very likely that the email in question was spam sent by someone
who forged my email address/domain. These messages did not come
from me. Someone else was forging my email address to send their
SPAM. I first learned about this spammer, and the domain forgery,
on the 7th of November 2002. The domain name forgery stopped by
the 21st of November, but the spamming continued using other forged
domain names. If you've received a spam message with my domain
name/email address in the From: or Reply-To: field, I'd appreciate it if you
could forward me the entire message, with the full header intact.
The message content and headers are essential in tracking down
the individual(s) responsible for forging my email address/domain.
I do not want anyone sending SPAM with my name on the message.
See my Feedback page for contact information.
Why would a spammer
forge header data?: Spammers forge email header data like
the From:, Reply-To: and Return-Path: lines because they do not want to receive
complaints (or have complaints routed to their ISP). They just want your money.
They want to remain anonymous so that they can continue their illegal activities, violating the law and stealing the resources and money of innocent victims. Unfortunately, email forgery is simple and commonplace. Forgery
of email header data makes it nearly impossible for the average
email recipient to complain about or report spam effectively. If you
can't figure out who really sent you the spam, you can't get them
shut down.
Unfortunately, many ISPs haven't figured out that spammers forge the header data. Many ISPs still send out automatic replies/bounce messages based on these same header lines. When ISPs respond to the From:, Reply-To: and Return-Path: headers, they make the spam problem worse (the reply lands on whoever's address was forged). What they should do is defer acceptance of the message until the recipient status is verified. If the message cannot be delivered for any reason, they should refuse to accept the message for delivery. Instead they accept the message and only then check to see whether it can be delivered.
What I did about
it: As a company/web site administrator, you can't prevent
spammers from forging your email address/domain in the spam that
they send. You can't do it. You can't conceal your email addresses and only reveal
them to trustworthy individuals. Your clients, visitors, and friends
need to be able to contact you. All you can do is react when a
spammer forges your name/domain on a piece of spam.
I did my best to figure out who was forging my domain/email address. I contacted numerous ISPs, web hosts, and system administrators in an effort to find out who was forging my domain/email address. Over the past 5 years or so, I've gotten fairly good at tracking down spammers. I know how to detect header forgery, how to de-obfuscate encoded URLs, and how to track down ISP/web host contact information. I used all the skills at my disposal to track down the guilty party, but in the end I was unable to determine who was responsible for this forgery and identity theft. Unfortunately, while you may be able to figure out which IP/email service is responsible for sending the spam, the truth is that you will almost never discover the identity of the individual responsible for it. They are 'Protected' by privacy laws, and sometimes they have the added protection of a spam-friendly ISP/mail host. The ISP responsible may feign ignorance, ignore the problem, or refuse to help you in any way whatsoever.
More specifically:
- I notified my web and mail hosts. I didn't want Rob's World! shut down because of complaints from people who didn't realize that the spammer was forging my domain/email address.
- I put up a lengthy explanation (this page), describing the circumstances surrounding the incident. That way annoyed spam recipients who came to my web site would understand what happened, and that I wasn't responsible for the spam message(s) they received.
- I collected evidence (printed and electronic copies of complete emails, including all headers) in case it became necessary to either pursue the spammer through the courts or convince a skeptic that I didn't send the spam.
I'm not surprised that some unscrupulous spammer forged my email address. Over the years, I've been responsible for shutting down quite a few spammers, so I wasn't too surprised when a spammer decided to drag my name through the mud. I tried my best to put an end to the criminal abuse of my internet identity, the various ISPs, and everyone who received the unsolicited commercial email. When I originally wrote this web page (back in 2002), I had documented evidence of at least fifty-two instances where this spammer forged my email address. Since then I've been a victim many more times.
How can you be sure
I wasn't responsible for the spam?: Every email message sent over
the internet, contains information called header data. Some of
that header data can be forged, some of it cannot. Spammers typically
forge a large percentage of their header data. If you receive/have
received an email (allegedly from me), I encourage you to examine
the full headers. Most email clients (Software) have a 'show full
headers' feature/capability. Examine the IP addresses in the header,
you will likely find that much of the data is forged, and you
will also find that the header data does not point back to me,
my ISP, my web host, or my mail server(s). If you are unsure how
to read/interpret the header data, I encourage you to do a little
research. You can start by reading a tutorial on
how to read email header data.
Here are a few more links that may provide additional information regarding email headers: how to read/analyze the header data, and the internet standard for header data.
<http://www.shortinfosec.net/2008/07/mail-header-security-analysis.html>
<https://www.uic.edu/depts/accc/newsletter/adn29/headers.html>
<http://whatismyipaddress.com/email-header>
<http://www.faqs.org/rfcs/rfc822.html>
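The "examine the IP addresses in the header" advice above can be automated. The following is an added example (not code from the original page): it parses a raw message with Python's standard email module, walks the Received: chain from the newest line (written by your own server) down to the oldest, and reports the last IP that was recorded by a server you actually trust, which is the relay an abuse report should go to. The sample message is constructed for illustration; the IP addresses are documentation addresses and the hostnames mail.recipient.example, mx.example-isp.net and tracker-style names are placeholders, while robsworld.org is the domain the page discusses.

```python
"""Walk the Received: chain of a raw message and find the relay to report to.

Added example, not from the original page. The message below is constructed
for illustration; the IPs are documentation addresses and the hostnames are
placeholders (only robsworld.org is taken from the page)."""
import email
import ipaddress
import re
from email import policy
from email.utils import parseaddr

# Constructed sample. From:/Reply-To: claim robsworld.org, but the oldest
# Received: line shows the connection came from 203.0.113.77, a host that
# merely *said* HELO robsworld.org (the HELO name is chosen by the sender).
SAMPLE = """\
Received: from mx.example-isp.net (mx.example-isp.net [198.51.100.25])
\tby mail.recipient.example (Postfix) with ESMTP id ABC123
\tfor <victim@recipient.example>; Thu, 7 Nov 2002 10:15:22 -0500
Received: from unknown (HELO robsworld.org) (203.0.113.77)
\tby mx.example-isp.net with SMTP; Thu, 7 Nov 2002 10:15:20 -0500
From: "Rob" <rob@robsworld.org>
Reply-To: rob@robsworld.org
To: victim@recipient.example
Subject: Need a date?

(body omitted)
"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# "from <helo> (<optional info>) ... by <host>"; each line is written by <host>
RECEIVED = re.compile(
    r"from\s+(?P<helo>\S+)(?:\s+\((?P<info>[^)]*)\))?.*?\bby\s+(?P<by>\S+)", re.I)


def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def received_hops(raw):
    """Return one dict per Received: line, newest (closest to you) first."""
    msg = email.message_from_string(raw, policy=policy.default)
    hops = []
    for value in msg.get_all("Received", []):
        text = re.sub(r"\s+", " ", str(value))            # unfold the header
        m = RECEIVED.search(text)
        ips = [ip for ip in IPV4.findall(text) if _is_ip(ip)]
        hops.append({
            "helo": m.group("helo") if m else None,        # sender-supplied, forgeable
            "ip": ips[0] if ips else None,                 # recorded by the "by" server
            "by": m.group("by") if m else None,            # the server that wrote the line
        })
    return hops


def claimed_domain(raw, header="From"):
    """Domain in the From:/Reply-To: address, i.e. what the spammer claims."""
    msg = email.message_from_string(raw, policy=policy.default)
    _, addr = parseaddr(str(msg[header] or ""))
    return addr.rpartition("@")[2].lower() or None


def last_trusted_ip(raw, trusted):
    """Walk the chain top-down and return the last IP recorded by a server you
    trust. Everything below that point may have been written by the spammer,
    so this is the relay to send the abuse report to."""
    last = None
    for hop in received_hops(raw):
        if hop["by"] not in trusted:
            break            # line written by a server we do not vouch for
        last = hop["ip"]     # recorded by a trusted server, so believable
        if last not in trusted:
            break            # the next line's author is not trusted either
    return last


def passed_through(raw, domain):
    """True only if some receiving ("by") server in the chain belongs to
    `domain`. HELO names are ignored because the sender picks them; a spammer
    can also prepend fake Received: lines, so treat this as a hint only."""
    if not domain:
        return False
    domain = domain.lower()
    return any((hop["by"] or "").lower().endswith(domain)
               for hop in received_hops(raw))


def report(raw, trusted):
    """Summary a recipient would want before filing an abuse report."""
    return {
        "claimed_from": claimed_domain(raw, "From"),
        "claimed_reply_to": claimed_domain(raw, "Reply-To"),
        "hops": received_hops(raw),
        "report_abuse_to": last_trusted_ip(raw, trusted),
        "really_via_claimed_domain": passed_through(raw, claimed_domain(raw)),
    }


if __name__ == "__main__":
    import json
    # Only our own MX is trusted here, so the answer is the ISP relay that
    # handed us the message (198.51.100.25), not the forged From: domain.
    print(json.dumps(report(SAMPLE, {"mail.recipient.example"}), indent=2))
```

The trust set matters: with only your own mail server in it, the script names the relay that handed the message to you; if you also trust that relay (and the address it connected from), it goes one hop further and names the host that first injected the message. Lines below your trust boundary are exactly the ones a spammer can fabricate, which is why the forged From: domain never shows up among the servers that actually handled the message.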
So what should you
do with this spam?: If you've received some of this spammer's
email (spam which appears to be sent by me), I'd ask you to do two things. First, send an abuse report
via email to the ISP that relayed the email to your email server/service.
(Don't send an email to the From:, Reply-To: or Return-Path: address. Don't send an email to the postmaster/abuse address of the From:, Reply-To: or Return-Path: address either. Doing so is nearly guaranteed to get no attention, or to make matters worse. I guarantee it's not my email server/service; I'm not a spammer.) Secondly, send a
copy to me. Please be sure to include the full header. As I stated
earlier, the message content and headers are essential in tracking
down the individual(s) responsible for forging my email address/domain
and sending the spam.
What should you do
about spam in general?: The simplest thing to do is just delete
it. Replying directly to the forged From:, Reply-To: or Return-Path: address
is ineffective, as either (a) the From: or Reply-To: addresses
are forged, or (b) your email address will be added to a list of 'Working email addresses', which the spammer
can use to optimize his or her operations, or sell to other spammers.
What else?
- Try to avoid loading spam in an email client which automatically downloads and displays images. Spammers often encode your email address in the URL used to retrieve those images. By examining their web server logs, they can determine if you received the email, and whether you read it. Rendering HTML capable email can also expose you to several different varieties of viruses and trojans (some HTML rendering engines do not download/display images by default).
- For the same reason, don't click on any links in suspected spam. Doing so will only confirm your email address as 'Live prey'!
- If you want to do some detective work, look at the domain tools page, which has a nice collection of online tools for deciphering URLs, tracing website ownership, and researching ISP contact information. But be careful! It's all too easy to point the finger at the wrong person. Spammers try to cover their tracks, and more than one of the email headers will typically be forged.
- And obviously, never buy anything from a spammer. You don't really think your credit information is safe with somebody who forges emails for a living, do you?
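The first point in the list above (your address encoded into an image URL) can be checked before any image is fetched. The following is an added example, not code from the original page: it extracts every image URL from an HTML body without rendering it and flags the ones that embed the recipient's address in plain, URL-encoded, base64, hex, or hashed form. The HTML is constructed for illustration, and tracker.example and victim@recipient.example are placeholders.

```python
"""Flag image URLs in an HTML message that carry the recipient's address.

Added example, not from the original page. The HTML below is constructed;
tracker.example and the recipient address are placeholders."""
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import unquote

# Constructed sample: three 1x1 "web bug" images encode the recipient address
# in different ways; the logo is an ordinary image and must not be flagged.
SAMPLE_HTML = """\
<html><body>
<p>Married but lonely?</p>
<img src="http://tracker.example/open.gif?e=victim%40recipient.example" width="1" height="1">
<img src="http://tracker.example/logo.png" alt="logo">
<img src="http://tracker.example/o/dmljdGltQHJlY2lwaWVudC5leGFtcGxl.gif" width="1" height="1">
<img src="http://tracker.example/px?id=76696374696D40726563697069656E742E6578616D706C65">
</body></html>
"""


class _ImgCollector(HTMLParser):
    """Collect every <img src=...> without fetching or rendering anything."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":                       # HTMLParser lowercases tag names
            for name, value in attrs:
                if name == "src" and value:
                    self.urls.append(value)


def image_urls(html):
    collector = _ImgCollector()
    collector.feed(html)
    return collector.urls


def address_encodings(address):
    """The forms a tracker commonly uses to smuggle an address into a URL."""
    raw = address.lower().encode()
    return {
        "plain": address.lower(),
        "base64": base64.b64encode(raw).decode().rstrip("="),
        "urlsafe-base64": base64.urlsafe_b64encode(raw).decode().rstrip("="),
        "hex": raw.hex(),
        "md5": hashlib.md5(raw).hexdigest(),
        "sha1": hashlib.sha1(raw).hexdigest(),
        "sha256": hashlib.sha256(raw).hexdigest(),
    }


def tracking_urls(html, recipient):
    """Return (url, encoding) for each image whose URL embeds the recipient."""
    encodings = address_encodings(recipient)
    hits = []
    for url in image_urls(html):
        probe = unquote(url)                   # undo %40 and friends
        for how, token in encodings.items():
            # base64 is case-sensitive; everything else is compared lowercase
            haystack = probe if "base64" in how else probe.lower()
            if token in haystack:
                hits.append((url, how))
                break
    return hits


if __name__ == "__main__":
    for url, how in tracking_urls(SAMPLE_HTML, "victim@recipient.example"):
        print(f"{how:15} {url}")
```

A mail filter would run this against the delivered HTML with the actual recipient address and either strip the flagged images or quarantine the message; an image whose URL can only be explained by your own address is a tracking beacon, whatever its file name says.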
Authentication and
Identification: How do you know I am who I say I am? When
communicating via email, I take several measures to authenticate
and identify myself. These measures can easily be detected in
my email headers (and body), and are extremely difficult to forge. I doubt
any spammer would go through the trouble of trying. If you receive
an email which is allegedly from me, but doubt its authenticity,
I urge you to forward a copy to me. For information on how to
contact me, please see my Feedback page.
For more information about spam, and how I feel about it, refer
to my spam offer.
The final update (or is it?): The
last known date for this forgery (the forgery of my domain that started back in November of 2002) occurred on 21 November 2002. During
this two week period, I racked up documented evidence, which included
52 unique email addresses which were spammed by this low life. Unfortunately,
I wasn't able to track down the person responsible for this activity.
The ISP's, web hosts, and system administrators that I dealt with
were reluctant, unwilling, or unknowing in their responses, and
the spammer used numerous techniques to hide his/her true identity.
During the investigation, I received a lot of bounce messages, automated
replies, and total silence in response to my inquiries. Maybe next
time I'll catch the criminal.
The war continues: When I originally wrote this back in 2002, I didn't anticipate that there would be more incidents of this kind of attack. Is it intentional? I don't know, the only manner in which spammers communicate to their victims is through spam. Through the collateral damage they inflict, through the injuries they cause. They wouldn't dare reveal themselves directly to their victims. To do so would be brave, and we know that all spammers are cowards. They hide behind compromised servers, they hide behind false identities, they obfuscate the links to their web sites, they deflect criticism and replies with forged From: and Reply-To: addresses. They exist in a criminal state of anonymity. They know that what they do is illegal, and they don't want to go to prison, or lose their ill-gotten loot.
The battle continues... It's a war I tell you, a war! And I won't rest until the last spammer's head rests on a pike outside my mail server's firewall! Death to Spammers! (Not intended as an actual death threat to anyone in particular. I don't know any actual spammers. They're all too cowardly to reveal their true identities.)
From:/Reply-To: forgery in general: I'm not the only one who has had his email address forged in the From:, Reply-To: or Return-Path: address of a spammer's message. It happens to thousands of people. It happens all the time. There are basically two types of this forgery:
Identity forgery:
One is the trivial use of your own address in order to bypass spam filtering efforts. You wouldn't filter against your own email address, would you? This trivial forgery is limited to that spam message. A singular piece of spew directed to you alone. While the spam run itself may consist of hundreds of thousands of messages, each one contains a different From: or Reply-To: address. Result: The spam gets past your filtering mechanisms, and you have to deal with it in a more personal manner.
Joe-Job:
The other type of forgery. There are two types of Joe-Jobs.
The first one is the use of your email address in the From:, Reply-To: or Return-Path: field of every email message that the spammer sends. Every spam contains your email address! The spam messages are your typical cut-rate viagra, penis enlargers, porno offers, stock tips, cut-rate mortgages, etc. Nothing directed specifically at you. The spammer is trying to make money from the millions of suckers out there. The result? A huge flood of non-delivery bounces, remove-me requests, out-of-office replies, identity verification requests, cease and desist orders, and some threats. If you own a domain (and it's being forged), you could lose your email or web services. You may have to do some serious explaining (this web page being a case in point) to the administrators of your email or web service(s).
The second type is an intentional attack on your business, domain, or name. It's relatively easy to identify. The content of the spammer's message will directly implicate you, your business or domain, as being responsible for some sort of egregious criminal activity. For example, it might accuse you of (or imply that you are) being involved in the sexual slave trade or pre-pubescent child porn. It might try to imply that you are intentionally sending viruses in an attempt to shut down American oil refineries. It's a personal attack. The result: a flood of venomous replies, threats, a possible police investigation, and the loss of your email/web services. I hope it never happens to me!